
Designing an XACML API


Currently, the XACML specification defines a protocol for request / response but leaves it up to interpretation as to how it can be integrated into an enterprise application. I believe that the value of XACML won't be realized unless there is the creation of a new open source project that attempts to develop/standardize around a set of common APIs.

For those who are familiar with XACML, I would love to understand their first reactions to the creation of such a project, whether they would be willing to contribute, and what they believe an XACML API would look like?


Solution

  • Maybe I don't understand the question, but doesn't the SAML profile for XACML do what you want? It defines SOAP formats for authzDecisionQuery and response records, which should be all you need for the WSDL.

    I built one of these around Sun's interpreter for DOD/DISA (it's on forge.mil), and a much faster version (not released yet) around a fully compiled implementation that directly transforms XACML into Java code. The main goal was readability, not speed, but it's about ten times as fast.

    IMO XACML works but is absolutely terrible as a language for people to look at. I'm more interested in finding a problem-specific language for expressing XACML's semantics so that people can understand them. Java beats XACML for this hands down, but Java's pretty clumsy as a domain-specific language. Perhaps Groovy?

    PS: As our first shot at this we tried Attempto Controlled English (ACE). We quickly dropped that idea when we found ACE has nothing viable for expressing deeply nested conditionals (no parentheses or braces). And I'm not sure English was the right idea for this anyway, in spite of strong NSA interest in English-based policy languages.
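As an added example that is not part of the question or the answer above: the exchange the answer refers to, a SAML-profile XACMLAuthzDecisionQuery wrapping a XACML 2.0 request context on the way out, and the decision pulled back out of the PDP's response on the way in, written in Python. The element and namespace names are assumed from the XACML 2.0 specification and its SAML profile, and the sample response is constructed, not captured from a real PDP.

```python
import xml.etree.ElementTree as ET

# Namespace and attribute identifiers as assumed from XACML 2.0 and its SAML profile.
XACML_CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
XACML_SAMLP = "urn:oasis:xacml:2.0:saml:protocol:schema:os"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"


def _attr(parent, attr_id, value):
    """Append one string-typed <Attribute> with its <AttributeValue>."""
    a = ET.SubElement(parent, f"{{{XACML_CTX}}}Attribute",
                      AttributeId=attr_id, DataType=XS_STRING)
    ET.SubElement(a, f"{{{XACML_CTX}}}AttributeValue").text = value


def build_authz_query(subject, resource, action):
    """Build the SAML-profile query that carries a XACML 2.0 <Request> to the PDP."""
    query = ET.Element(f"{{{XACML_SAMLP}}}XACMLAuthzDecisionQuery")
    req = ET.SubElement(query, f"{{{XACML_CTX}}}Request")
    _attr(ET.SubElement(req, f"{{{XACML_CTX}}}Subject"), SUBJECT_ID, subject)
    _attr(ET.SubElement(req, f"{{{XACML_CTX}}}Resource"), RESOURCE_ID, resource)
    _attr(ET.SubElement(req, f"{{{XACML_CTX}}}Action"), ACTION_ID, action)
    ET.SubElement(req, f"{{{XACML_CTX}}}Environment")
    return ET.tostring(query, encoding="unicode")


def decision_of(response_xml):
    """Return the single <Decision> text from a PDP response, or None if the
    response is unparseable or does not contain exactly one decision."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return None
    decisions = [d.text for d in root.iter(f"{{{XACML_CTX}}}Decision")]
    return decisions[0] if len(decisions) == 1 else None


def is_permitted(response_xml):
    """Fail closed: only an explicit Permit grants access. Deny, NotApplicable,
    Indeterminate, a missing decision and a malformed response all deny."""
    return decision_of(response_xml) == "Permit"


# Constructed sample PDP response (not a real capture) used for a local check.
SAMPLE_PERMIT = (
    f'<Response xmlns="{XACML_CTX}"><Result ResourceId="/docs/1">'
    '<Decision>Permit</Decision><Status><StatusCode '
    'Value="urn:oasis:names:tc:xacml:1.0:status:ok"/></Status></Result></Response>'
)
```

The PEP side of any such API is the two functions above; everything between them is transport, which is what the SAML profile's SOAP binding supplies.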